vulnerability
Oracle Linux: CVE-2022-3570: ELSA-2023-2340: libtiff security update (MODERATE)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:M/Au:N/C:N/I:N/A:C) | Feb 24, 2022 | May 17, 2023 | Dec 3, 2025 |
Severity
5
CVSS
(AV:L/AC:M/Au:N/C:N/I:N/A:C)
Published
Feb 24, 2022
Added
May 17, 2023
Modified
Dec 3, 2025
Description
Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact
A heap-based buffer overflow flaw was found in Libtiff's tiffcrop utility. This issue occurs during the conversion of a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes an out-of-bound access resulting an application crash, eventually leading to a denial of service.
A heap-based buffer overflow flaw was found in Libtiff's tiffcrop utility. This issue occurs during the conversion of a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes an out-of-bound access resulting an application crash, eventually leading to a denial of service.
Solutions
oracle-linux-upgrade-libtifforacle-linux-upgrade-libtiff-develoracle-linux-upgrade-libtiff-tools
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.